PowerShell must be installed on the Windows server with Azure PowerShell modules msoidcli_64.msi

Change the O365 from Managed to Federated:

Connect via PowerShell with Connect-MsolService and enter your O365 admin credentials.
With Get-MsolDomain you can check the available domains.
Now you need to build your command to change O365 domain from managed to federated.

Create one string of all the required options and paste them into your connected to o365 PowerShell window.

The cert you need is found in WorkspaceONE on the SAML Metadata page.
If you run into the message that you cannot change your primary domain then make the MS domain default for the time being and convert it back to your desired state after changing to a federation.